browser-record

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core behavior matches a browser-session recording skill, but its footprint is broader than necessary because it combines arbitrary web content ingestion with Bash/Read/Write and executes external npm CLIs at runtime. The main concern is medium supply-chain risk from `npx`, especially the unpinned `@claude-flow/cli@latest`, plus moderate data-capture and prompt-injection risk from tracing arbitrary pages without immediate redaction.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
May 19, 2026, 10:48 PM
Package URL
pkg:socket/skills-sh/ruvnet%2Fruflo%2Fbrowser-record%2F@b870d248fb035b2853a9a78a20ac5917651fb222
Security Audit — socket — browser-record